Hackfest 2024 - 16-bit Edition

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Antoine Carossio

Antoine is cofounder & CTO of Escape. He is a former French National Secret Agency and Apple security engineer and penetration tester. He is one of the maintainers of Clairvoyance and the co-author of GraphQL Armor.


Which country are you from?

France

Your twitter or other social network

iCarossio


Session

10-12
16:30
50min
Challenges of GraphQL security in 2024
Antoine Carossio

GraphQL’s capability to fetch precisely what’s needed and nothing more, its efficient handling of real-time data, and its ease of integration with modern architectures make it a compelling choice for modern web and mobile applications. As developers seek more efficiency and better performance from their applications, GraphQL is increasingly becoming the go-to technology for API development. However, building and maintaining GraphQL applications requires careful consideration of security.

In this talk, security engineers will strengthen their GraphQL security skills by learning key techniques such as complexity management, batching, aliasing, sanitization, and depth limit enforcement. They will also learn to implement customizable middleware with their development team, like GraphQL Armor, for various GraphQL server engines.

Participants will explore different techniques and packages, and apply them to enhance the safety of their GraphQL applications. By the end of the talk, attendees will be equipped with practical knowledge to build secure and efficient GraphQL APIs.

Defensive
Track 1 (206b)